By Marshall Honorof

Between the National Security Agency (NSA) and Google's own overreaching terms of service, your files on Google Drive may be open to snooping from both organizations. What are the risks and how can you minimize them?

No privacy guarantees

Google Drive is one of the most widespread cloud-storage services around, but between the National Security Agency (NSA) and Google's own overreaching terms of service, your files may be open to snooping from both organizations.

The NSA asserts that its PRISM program targets only citizens of foreign countries and not U.S. residents. Even so, with this technology in place, it would be simplicity itself to turn PRISM's focus toward Americans if the NSA ever decided that it would be valuable.

Google denies granting the NSA unlimited access to private data. "I'm not sure I can say this more clearly: We're not in cahoots with the NSA," said David Drummond, Google's chief legal officer, in a statement to The Guardian

Whether you believe Edward Snowden, the NSA or Google, there are benefits to knowing exactly what Google

Google provides many amenities — an Internet browser, email, a search engine and global navigation, among other things. PRISM can supposedly collect information from any of these services as well as Google Drive, the company's cloud-storage platform. Drive has two components: Making documents and storing them on the fly ("Create"), and importing your own files ("Upload").

Google's privacy policy weighs in at nine pages, and states that Google can collect device, login and location information. If you access Google Drive through Chrome, Google also collects your browser history, plants cookies on your system and records what other applications you've been using.

Google's Drive FAQs say that the company will not use any data you mark as private for marketing or promotional purposes, but its terms of service are much more freewheeling: Google can "use, host, store, reproduce, modify, create derivative works … communicate, publish, publicly perform, publicly display and distribute [user] content."

These permissions may sound scary, but there's actually a very innocent explanation for each one. Google needs to know your device and login information in order to keep you signed-in on a phone or private computer. Your location information helps Google ascertain if someone has hacked your account in an unusual spot — say, Eastern Europe.

Even the company's terms of service are not unusually demanding. Using, hosting and storing data is Drive's explicit purpose. Reproducing, modifying and creating derivative files would be necessary during a server migration or as a recuperative measure if Drive ever became the victim of a large-scale cyberattack.

One could even argue that communicating, publishing, publicly performing or displaying, and distributing content are just convoluted, legal-ese ways of saying that Google can provide your own data to you from any computer you choose, be it public or private.

Get instant access to breaking news, the hottest reviews, great deals and helpful tips.

Thank you for signing up to Tom's Guide. You will receive a verification email shortly.

There was a problem. Please refresh the page and try again.

No spam, we promise. You can unsubscribe at any time and we'll never share your details without your permission.